The decision to embrace social media technology is a risk-based decision, not a technology-based decision. It must be made based on a strong business case, supported at the appropriate level for each department or agency, considering its mission space, threats, technical capabilities, and potential benefits. The goal of the IT organization should not be to say “No” to social media websites and block them completely, but to say “Yes, following security guidance,” with effective and appropriate information assurancesecurity and privacy controls.

On January 21, 2009, President Barack Obama signed a Memorandum on Transparency and Open Government.[3] The Federal Government has responded with several initiatives which utilize collaborative social media technologies to engage with the public. The Federal CIO, Vivek Kundra, has stated Web 2.0 technologies are essential to "tap into the vast amounts of knowledge . . . in communities across the country."[4] Mr. Kundra has also developed a five-point plan to enable the administration's agenda: (1) open and transparent government; (2) lowering the cost of government; (3) cybersecurity; (4) participatory democracy; and (5) innovation.[5]

The use of social media technologies within the Federal Government quickly becomes a complex topic, with varying interpretations and perspectives. Researchers Dr. Mark Drapeau and Dr. Linton Wells at the National Defense University (NDU) define social media as social software, “applications that inherently connect people and information in spontaneous, interactive ways.” They have articulated four specific use cases of social media within the Federal Government.

These four use cases, depicted in Figure 1, include Inward Sharing, Outward Sharing, Inbound Sharing, and Outbound Sharing. While related, each use case has different threats and requires different information security controls to mitigate those threats.[6]

Outward Sharing, also known as inter-institutional sharing, enables Federal Government information to be shared with external groups, such as state and local governments, law enforcement, large corporations, and individuals. For example, agencies may use social media to communicate with the public during a time of crisis. Other examples of Outward Sharing include public websites used in a private function to facilitate the information-sharing role. These include GovLoop, an externally hosted social network catering to U.S. Government employees and contractors, STAR-TIDES, a knowledge-sharing research project for complex operations, and National Institute for Urban Search and Rescue, Readiness, Response, Resilience, and Recovery (NIUSR5) using LinkedIn to connect with members and share information.

Inbound Sharing, also known as crowdsourcing, is similar to conducting a large onlinecollaborative poll. Change.gov exemplifies inbound sharing where the “Open for Questions” forum allowed over 100,000 people to participate in a government-sponsored online meeting and submit over 75,000 questions ranging from the economy, to health care, to national security.

Outbound Sharing is federal engagement on public commercial social media websites. The authors of the NDU document cite the example of Colleen Graffy, formerly the Deputy Assistant Secretary of State for Public Diplomacy, who used Twitter to connect with foreign media before her visits to their respective countries. This gave foreign media outlets a perspective into her personality before her arrival, called “Ambient Awareness,” and provided a human aspect to Ms. Graffy’s official role. Ultimately she enabled more comfortable communications during her trip, and received more favorable reviews by foreign media.

Less federal guidance exists for inbound, outward, and outbound sharing use cases, and the guidance that does exist is relatively recent. For example, the U.S. Air Force New Media Guide,[8] published in 2009, provides guidance to address these new use cases for the Federal Government.

Federal agencies are increasingly using Web 2.0 technologies to enhance services and interactions with the public. Federal Web managers use these applications to connect to people in new ways. As of July 2010, 22 of 24 major federal agencies had a presence on Facebook, Twitter, and YouTube.